Asset Details > Understanding technical assets > Data classifications

Data classifications

Data classification is the process of identifying and organizing data into relevant categories based on the functional meaning of data. Classifying data can help your organization manage risks, compliance, and data security.

In Metadata Command Center, enable the data classification capability on a catalog source and create data classification rules to identify and classify data into relevant categories. For example, you can create data classification rules to identify and tag sensitive information such as credit card numbers or customer addresses contained in columns or tables. You can then run the data classification rule against the catalog source and view the classification of columns and tables in Data Governance and Catalog.

For information about creating data classifications, see the Administration help module in Metadata Command Center.

Types of data classifications

Depending on the type of data that you want to identify and classify in your organization, there are three different types of data classifications that you can create and view in your organization.

Data element classification

This is the smallest unit of data classification. It refers to the classification of columns or fields of tables or files. Data element classification labels and categorizes information contained in data elements based on the metadata extracted from source systems and the facts collected as the result of data profiling. For example, you can use data element classification to find sensitive information in columns, such as, credit card numbers, Social Security Numbers or the driver's license numbers. You can then take actions to secure access to sensitive data and set standards for data privacy in your organization.

Data entity classification

This classification identifies data entities such as purchase order, invoice, customer, location, person, or address contained in a data set. A data entity is a collection of data elements and is derived based on an inclusion scope. For example, if 'Full Name', 'Gender', 'Date of Birth', 'Email', or 'Phone #' are identified in one or more columns of a table, then that table is classified as a 'person' entity. You can use entity classifications to identify important characteristics of data and group them together as entities.

CLAIRE Generated Data Classification

This classification is powered by CLAIRE. When you select it, the system automatically generates data classifications for the data elements without the need for any human input.

View data classifications for technical assets

You can view data element classifications, data entity classifications, and generated data classifications associated with a technical asset on the asset page.

To view data classifications for technical assets, ensure that the organization administrator grants your user role the View Data Classifications feature privilege in Informatica Intelligent Cloud Services Administrator. For more information about roles, users, and privileges, see the Introduction and Getting Started help module.

After you run the data classification capability for a catalog source in Metadata Command Center, you can curate the data classifications in Data Governance and Catalog. For more information about curating data classifications for technical assets, see the Working with Assets help module.

The following image shows the data element classifications.

Image depicting data element classification

Curate data classifications for technical assets

If you are a data owner and you want to label or classify data into a variety of categories that are critical to your organization, you can curate data classifications in Data Governance and Catalog.

After you add the data classification rules to a catalog source and run the data classification job for the catalog source in Metadata Command Center, you can curate the data classifications for columns and tables in that catalog source in Data Governance and Catalog. When you curate data classifications, you either accept the inferred data classifications to associate them to technical assets, or decline the inferred data classification associations. You can also manually associate columns and tables with one or more data classification rules that you have created. For information about creating data classifications, see the Administration help module in Metadata Command Center.

The following guidelines apply if you want to curate data classifications:

•You must be the stakeholder for the asset, and your organization administrator must grant your user role the Curate Data Classification privilege for the Data Governance and Catalog service in Informatica Intelligent Cloud Services Administrator.
•To modify the asset properties, you must be a stakeholder of the asset, and the organization administrator should provide your user role with the Create and Update permissions for the asset type. For more information about the available permissions and privileges that the organization administrator can enable, see the Introduction and Getting Started help.
•The data classifications that you want to curate should be in the Published Lifecycle stage.
•You can associate data classifications that have been configured with or without inclusion rules in Metadata Command Center.
•You can open any accepted or declined data classification to see all the technical assets with which the data classification is associated.

Accept or decline inferred data classifications

When you add data classification rules to a catalog source in Metadata Command Center, the system identifies the columns and tables that match the rules and displays one or more matched data classifications on the column or table asset pages in Data Governance and Catalog. If your role has the required privileges, you can see the inferred data classifications in the Accepted section of the Data Element Classifications or Data Entity Classifications panel.

The following image shows a column asset page with the inferred data element classifications that match the column data and metadata. All accepted data classification assets appear with an orange color border.

Image depicting the column asset page with accepted and declined data element classification with sensitivity label on the header.

If the data classifications inferred for the columns or tables are not suitable, you can decline the accepted data classifications from the Accepted section. The declined classifications move to the Declined section of the Data Element Classifications or Data Entity Classifications panel. The declined classification automatically changes from orange to grey color border. In the above example, three inferred data element classifications were declined for the column.

Manually associate data classifications with technical assets

If you did not add data classification rules while configuring the catalog source in Metadata Command Center, you can manually add data classifications to technical assets in Data Governance and Catalog. To manually associate data classifications with technical assets, perform one of the following actions:

•On the Data Element Classifications or Data Entity Classifications panel, click the add icon, and select one or more data classifications to associate with the data element or the or the data set.

The associated data classifications appear in the Accepted section of the Data Element Classifications panel for a data element or in the Data Entity Classification panel for a data set.

The following image shows the add icon and the manually associated classifications in the Data Elements Classifications panel on the column page.

Image of the Data Elements Classifications panel with the add icon and the manually added data classifications.

•Use the Curate button on the Contains tab to open the Curate Glossaries and Data Classifications dialog box. From this dialog box, you can manually associate data classifications with specific technical assets.

The following image shows the Curate button on the Contains tab of a data set page.

Image depicting the Curate button on the Contains tab of the technical data element page.

Bulk accept or decline inferred and manually associated data classifications

Optionally, you can bulk accept or decline all inferred and manually associated data classifications for the column or the table. Click the action menu and select one of the options to bulk accept declined classifications or decline all accepted data classifications.

The following image shows the options for bulk accepting or declining data classifications.

Image of the column asset page that shows the bulk accept or decline options for the data element classifications.

View data classification assets and their details

To view details of data classifications that are associated or recommended for a technical asset, open the technical asset page, and click the name of the data classification to open the data classification asset page. You can also enter a search query to find the data classification and then open the data classification asset page from the search results.

Data entity classification

The data entity classification asset page displays the following tabs:

•The Overview tab displays the Description, Classification Scope, and Associations sections.

The following table describes the properties of the Overview tab:

Field	Description
Description	General description about the asset.
Classification Scope	The data element classification rules that define the scope.
Associations	Displays the catalog sources and tables associated with this data entity classification.
Catalog Sources	Number of catalog sources for which the classifications apply.
Total Associations	Number of technical assets from different catalog sources for which the classifications apply.

•The Associations tab displays the list of all tables that are associated with this data entity classification.
•The Relationships tab displays the relationship that each table asset has with the data entity classification.

The following image shows the data entity classification asset page:

Image depicting the Classification Scope section.

Data element classification

The data element classification asset page displays the following tab:

•The Overview tab displays the Description, Classification Rule, and Associations sections.

The following table describes the properties of the Overview tab:

Field	Description
Description	General description about the asset.
Classification Rule	Display the rules defined in Metadata Command Center for the classification.
Associations	Displays the catalog sources and columns associated with this data element classification.
Catalog Sources	Number of catalog sources for which the classifications apply.
Total Associations	Number of technical assets from different catalog sources for which the classifications apply.

•The Associations tab displays the list of all columns that are associated with this data element classification.
•The Relationships tab displays the relationship that each column asset has with the data element classification.

The following image shows the data element classification asset page:

Image depicting the Data Element Classification asset page.

Generated classification

The generated classification asset page displays the following tab:

The Overview tab displays basic information for the generated classification.

The following table describes the properties of the Overview tab:

Field	Description
Catalog Sources	Number of catalog sources for which the classifications apply.
Total Associations	Number of technical assets from different catalog sources for which the classifications apply.

The Associations tab displays the total number of technical assets from different catalog sources that are associated with the generated classification.

The following table describes the properties of the Associations tab:

Field	Description
Name	Name of the technical asset.
Type	Type of the data element.
Associated Classifications	Number of data element classifications associated with the generated classification.
Hierarchy	Hierarchy of the technical asset from the catalog source to the smallest unit of data element.

The following image shows the generated data classifications asset page.

A generated classification may consist of technical assets from different catalog sources.

Image depicting tabs of generated data classification asset page

Sensitivity label for data element classifications

Sensitivity labels in Data Governance and Catalog help you classify and protect important data in your organization. This helps an organization understand the value of its data, evaluate whether the data is at risk, and execute control measures to mitigate risks. Data classification sensitivity also helps an organization to comply with relevant industry-specific regulatory mandates.

While creating a data element classification in Metadata Command Center, you can select the sensitivity level to indicate whether an asset is sensitive or non-sensitive. For more information on creating a data element classification, see the Administration help in Metadata Command Center.

In Data Governance and Catalog, you can view the sensitivity labels for the data elements that the classification is related to. You can search and find assets based on the sensitivity level by using appropriate search queries. For more information about search query examples, see the Working With Assets help.

View sensitivity of a data classification

To view the sensitivity of a data element classification in Data Governance and Catalog, the organization administrator must assign the following feature privileges for the Data Governance and Catalog services for your user role:

•View Profile Stats
•View Sensitive Data
•View Technical Assets

By default, the sensitivity attribute has the following three levels:

•High. Use for data that is sensitive for your organization. Typically, these can be confidential information, such as credit card details, customer emails and contact numbers, intellectual property, or financial records.
•Medium. Use for data that is moderately sensitive for your organization. Typically, these can be internally confidential information, such as employee IDs, technical information, or emails.
•Low. Use for data that is not sensitive for your organization. Typically, these can be public information, such as names, designations, qualifications, or public website content. The low sensitivity level is not specifically shown on the Data Governance and Catalog page.

Apart from the predefined sensitivity levels that are listed in this help, the Data Governance and Catalog interface can also list other sensitivity levels that your organization administrator can customize exclusively for your organization. For information about such sensitivity levels, contact your administrator. For more information about how your administrator can customize sensitivity levels, see the Administration help in Metadata Command Center.

You can view the sensitivity for data elements on various pages in Data Governance and Catalog. The following image displays the sensitivity of an asset on the asset page:

Image of an asset page that highlights the sensitivity badge.

Generated data classifications

Powered by CLAIRE, the system can automatically identify, analyze, and classify the data contained in the data elements without any human input. If you do not have the knowledge of the data present in the source system, you can let the system identify the meaning of data in the registered catalog sources and classify the columns automatically.

If you have selected Generated Data Classification in Metadata Command Center while configuring the catalog source, you can view the automatically generated classifications associated with the data elements of that catalog source on the technical asset page.

You can bulk export the generated classifications, make changes, and use the bulk import feature to re-import them into Data Governance and Catalog.

Working with generated data classifications

Once a classification is automatically generated for the data elements in a catalog source, you must either promote, reject, or demote it. Ensure to enable the Generated Data Classifications option in Metadata Command Center for the catalog source.

Searching a generated data classification

To search and view a generated classification in the asset page, ensure that your organization administrator enables the Read Technical Assets permission in Metadata Command Center and View Data Classification permission in Data Governance and Catalog.

1Type generated classifications as the search query in the search box. The generated classifications associated with the technical assets are displayed.

2 Click a selected generated classification to view it on the classification asset page.

Image depicting dearching a generated data classification

Promoting a generated data classification

You can promote a selected generated classification to a data element classification so that it can be associated automatically with the columns in a data element. Promotion means associating generated classifications to data element classifications and also to data elements associated with generated classifications.

To promote a generated classification, ensure that your organization administrator enables the Curate Data Classifications privilege for Data Governance and Catalog and Manage Data Classifications privilege for Metadata Command Center in Informatica Intelligent Cloud Services Administrator.

1 Select a CLAIRE-generated data classification and view the classification in the generated classification asset page.

2Click Promote from the top right corner or click Promote Generated Classification option in the Promotion section to associate the generated classification with the data element classification.

Note: After a promotion job is triggered, the Promote and Reject options on the generated classification asset page are grayed out.

You can promote a generated classification in the following two ways:

aPromoting a generated classification to associate an existing data element classification:

aOn the Promote Generated Classification page, select the data element classification from the existing list to associate it with the generated classification. The following table shows the properties of the Items section that you must select to promote the existing data element classification:

Field	Description
Data Element Classification	Name of the data element classification.
Sensitivity	Sensitivity of the data element classification.
Description	Description of the data element classification.

bClick Promote. A generated classification promotion job is triggered.

bPromoting a generated classification to associate with a newly created data element classification:

aIn the Promote Generated Classification page, enter the details about the new data element classification that you want to create. The following table shows the properties of the new data element classification:

Field	Description
Name	Name of the new data element classification.
Description	Description of the new data element classification.
Sensitivity	Sensitivity of the new data element classification.

bClick Promote. A generated classification promotion job is triggered.

Image depicting promotion of a generated classification

3Click View Status option to view the progress of the promotion job. After a promotion job is complete, you can view the data element classification that is associated with the generated classification on the generated classification asset page.

Rejecting a generated classification

To remove the generated classification from the system, you can reject a generated classification. To reject a generated classification, ensure that your organization administrator enables the Curate Data Classifications privilege for Data Governance and Catalog and Manage Data Classifications privilege for Metadata Command Center.

1Select a CLAIRE-generated data classification and view the classification in the generated classification asset page.

2Click Reject on the top right corner to remove the generated classification. The generated classification is no longer discoverable in the system.

Image depicting the rejection of a generated classification

Rejecting associations from a generated classification

You can also reject a maximum number of 25 associations from a generated classification at a time in any one of the following ways:

1Select the associations you want to reject. Click Reject from the selection list. You can reject multiple associations.

2Select the association you want to reject. Clear the selected associations from the Generated Classifications section on the asset page. You can only remove one selected association.

Image depicting rejection of multiple associations

Note: You can remove the associations even after the generated classification is promoted.

Demoting a generated classification

To remove the association of the generated classification with the data element classification, you can demote a generated classification.

To demote a generated classification, ensure that your organization administrator enables the Curate Data Classifications privilege for Data Governance and Catalog and the Manage Data Classifications privilege for Metadata Command Center. You can run a demotion job when the promotion job of the generated classification is complete. A demotion job is triggered when you clear the data element classification.

1 View the promoted generated classification in the generated classification asset page.

2Clear the data element classification to remove the association of the generated classification with the data element classification. When you clear the entry, the classification is no longer promoted.

Note: When you clear the created classification, the classification is discoverable, but it is no longer promoted as the mentioned classification.

Image depicting demotion of a generated classification

Viewing the triggered promotion, demotion, and rejection jobs

You can view the promoted, demoted, and rejected jobs in the Job Monitoring pages of Metadata Command Center and Data Governance and Catalog.

The following image shows the demoted and promoted jobs on the Job Monitoring page:

Image depicting the promoted and demoted jobs in the Job Monitoring page

Example of promoting, demoting and rejecting a generated classification

Let us assume you are a user who wants to promote a generated classification. In this example, if City is the generated classification for columns C1, C3, C4, and C6 in a table and you promote this generated classification as USA City, then the columns C1, C3, C4, and C6 have the values as USA City. If you run a generated classification job and want to add columns C7 and C9 to the same table later, you can promote these columns as USA City.

When you want to add newer columns, C10 and C11 to the table and do not want to promote the new columns as USA City, you can demote the generated classification. After you demote the USA city classification, the columns C10 and C11 no longer have the values as USA City. You can again promote these new columns with a new generated classification. However, the columns C1, C3, C4, C6, C7, and C9 still have generated classification values as USA City.

If you do not want the generated classification to be found in the system, you can reject it. In this situation, none of the columns remain associated with the generated classification that is rejected.

Lifecycle of a generated classification

The following image shows the generated classification process workflow:

Image depicting the generated classification process workflow

Viewing generated classification on the Asset page

Click the technical asset in the Associations tab of the generated classification asset page to view the generated classification on the Overview tab of the Asset page.

After a generated classification is promoted, the Data Elements Classifications section displays the data element that is associated with the generated classification.

Note: You cannot view the generated classification in the Generated Classifications section on the Asset page, after you promote a generated classification.

Image depicting generated classification on the asset page